Healthcare Compliance Tips You Must Follow
Los Angeles Healthcare Lawyer Assisting California Healthcare Entities With Regulatory Compliance
Healthcare professionals are subject to myriad laws and regulations creating many traps for the unwary. Overlapping and intersecting federal and state statutes and rules, as well as guidelines and requirements from professional licensing boards, can seem overwhelming at times. Here are a few tips from the regulatory healthcare compliance attorney at the Law Offices of Art Kalantar for your healthcare entity to follow to help ease your concerns and limit liability.
Follow the OIG’s “7 Elements of an Effective Compliance Program”
The Office of the Inspector General (OIG) of the Department of Health and Human Services issued guidance for healthcare entities designing and implementing regulatory compliance programs. The OIG is the entity responsible for combating fraud, waste, and abuse in the healthcare industry, and they conduct the majority of healthcare investigations. The OIG’s guidance is mandatory, and effectively following their compliance program guidance goes a long way in defending yourself against any allegations of misconduct.
The OIG’s seven elements are as follows:
- Implement compliance and practice standards.
- Designate a compliance officer and compliance committee.
- Conduct effective training and education.
- Develop effective lines of communication.
- Conduct internal monitoring and auditing.
- Enforce standards of conduct through well-publicized disciplinary guidelines.
- Respond promptly to identified offenses and undertake corrective action.
These elements are meant to be a starting point for practices to rely upon when crafting compliance policies and procedures. An effective compliance program will utilize these elements and expand upon them to protect your patients and your entity from liability. The OIG also offers the following tips for “creating a culture of compliance”:
- Make compliance plans a priority now.
- Know your fraud and abuse risk areas.
- Manage your financial relationships.
- Be wary of copying the questionable behavior of your competitors.
- When in doubt, ask for help.
Regularly Review your Policies and Procedures
It is easy to think that establishing a satisfactory set of policies and procedures is the end of your duty and that from that point onwards, you can simply refer to those policies as needed. Effective compliance, however, requires that you regularly revisit these policies and procedures, updating them and fixing any holes where necessary. A review should happen at least once a year.
Change Your Passwords
If your servers are hacked and your confidential patient data stolen, you may be on the hook under HIPAA rules. If the hack was made easier by lax security standards, you are even more vulnerable. One of the easiest and most-often forgotten security protocols is to have everyone with access to confidential data periodically change their passwords. Weak login credentials, including passwords, are among the top causes of data breaches. Set standards for acceptable passwords (at least six to eight characters, a combination of alphabetic, numeric, and different-case characters, etc.) and set periodic reminders to require everyone to change their passwords every once in a while.
Securely Store and Dispose of Confidential Patient Health Information
Whether your protected health information (PHI) is stored electronically or in physical paper copies, your healthcare entity must implement protocols to apply appropriate administrative, technical, and physical safeguards to protect your patients’ private information. Your procedures must be geared toward preventing any prohibited disclosure of PHI and limiting incidental disclosure. Paper copies of old records should be kept in a secure area while awaiting disposal, and they should be completely destroyed when disposed of (shredding, burning, pulping, or pulverizing), rather than simply tossing them out.
Borrow From Other Provider or Hospital Policies
If you are a smaller or newer healthcare entity or you are developing a compliance program from scratch, the OIG has stated that they are fine with you borrowing effective policies and procedures from other hospitals or healthcare providers. If their systems appear to be working, ask their compliance officers if they can share their methods. There is no reason to completely reinvent the wheel.
Your ultimate program should, however, be tailored to the specific needs of your healthcare entity. Borrow from other examples as a template from which to work, but do not simply copy theirs and call it a day. You need to ensure that your policies and procedures are a proper fit for your entity. Moreover, if there is anything problematic in the compliance program of your competitor or sister hospital, you do not want to keep that practice. A dedicated healthcare compliance lawyer can help you tailor compliance policies to the needs and requirements of your healthcare practice.
Southern California Healthcare Regulatory Compliance
For help with healthcare regulatory compliance in Los Angeles and California statewide, call the Law Offices of Art Kalantar in Beverly Hills at 310-773-0001 for a free consultation.